Enumerating subdomain when performing recon (or asset identification) is a task that you will (and should) perform regularly.
Methods
Scraping
Brute-force
Alterations & permutations of already known subdomains
Online DNS tools
spyse [https://spyse.com/tools/subdomain-finder]
nmmapper [https://www.nmmapper.com/sys/tools/subdomainfinder/]